package org.apache.jmeter.assertions;

import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.FileInputStream;
import java.io.IOException;
import java.math.BigInteger;
import java.security.GeneralSecurityException;
import java.security.Security;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Properties;
import javax.mail.MessagingException;
import javax.mail.Session;
import javax.mail.internet.MimeMessage;
import javax.mail.internet.MimeMultipart;
import org.apache.jmeter.samplers.SampleResult;
import org.apache.jorphan.util.JOrphanUtils;
import org.bouncycastle.asn1.x500.AttributeTypeAndValue;
import org.bouncycastle.asn1.x500.RDN;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.asn1.x500.style.BCStyle;
import org.bouncycastle.asn1.x500.style.IETFUtils;
import org.bouncycastle.asn1.x509.Extension;
import org.bouncycastle.asn1.x509.GeneralName;
import org.bouncycastle.asn1.x509.GeneralNames;
import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateHolder;
import org.bouncycastle.cms.CMSException;
import org.bouncycastle.cms.SignerInformation;
import org.bouncycastle.cms.SignerInformationVerifier;
import org.bouncycastle.cms.jcajce.JcaSimpleSignerInfoVerifierBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.mail.smime.SMIMEException;
import org.bouncycastle.mail.smime.SMIMESignedParser;
import org.bouncycastle.operator.OperatorCreationException;
import org.bouncycastle.operator.bc.BcDigestCalculatorProvider;
import org.bouncycastle.util.Store;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/jmeter/assertions/SMIMEAssertion.class */
class SMIMEAssertion {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SMIMEAssertionTestElement.class);

    SMIMEAssertion() {
    }

    public static AssertionResult getResult(SMIMEAssertionTestElement sMIMEAssertionTestElement, SampleResult sampleResult, String str) {
        MimeMessage messageFromResponse;
        checkForBouncycastle();
        AssertionResult assertionResult = new AssertionResult(str);
        try {
            int specificMessagePositionAsInt = sMIMEAssertionTestElement.getSpecificMessagePositionAsInt();
            if (specificMessagePositionAsInt < 0) {
                SampleResult[] subResults = sampleResult.getSubResults();
                int length = subResults.length + specificMessagePositionAsInt;
                log.debug("Getting message number: {} of {}", Integer.valueOf(length), Integer.valueOf(subResults.length));
                messageFromResponse = getMessageFromResponse(sampleResult, length);
            } else {
                log.debug("Getting message number: {}", Integer.valueOf(specificMessagePositionAsInt));
                messageFromResponse = getMessageFromResponse(sampleResult, specificMessagePositionAsInt);
            }
            SMIMESignedParser sMIMESignedParser = null;
            if (log.isDebugEnabled()) {
                log.debug("Content-type: {}", messageFromResponse.getContentType());
            }
            if (messageFromResponse.isMimeType("multipart/signed")) {
                sMIMESignedParser = new SMIMESignedParser(new BcDigestCalculatorProvider(), (MimeMultipart) messageFromResponse.getContent());
            } else if (messageFromResponse.isMimeType("application/pkcs7-mime") || messageFromResponse.isMimeType("application/x-pkcs7-mime")) {
                sMIMESignedParser = new SMIMESignedParser(new BcDigestCalculatorProvider(), messageFromResponse);
            }
            if (null != sMIMESignedParser) {
                log.debug("Found signature");
                if (sMIMEAssertionTestElement.isNotSigned()) {
                    assertionResult.setFailure(true);
                    assertionResult.setFailureMessage("Mime message is signed");
                } else if (sMIMEAssertionTestElement.isVerifySignature() || !sMIMEAssertionTestElement.isSignerNoCheck()) {
                    assertionResult = verifySignature(sMIMEAssertionTestElement, sMIMESignedParser, str);
                }
            } else {
                log.debug("Did not find signature");
                if (!sMIMEAssertionTestElement.isNotSigned()) {
                    assertionResult.setFailure(true);
                    assertionResult.setFailureMessage("Mime message is not signed");
                }
            }
        } catch (CMSException e) {
            assertionResult.setFailure(true);
            assertionResult.setFailureMessage("Error reading the signature: " + e.getMessage());
        } catch (IOException e2) {
            log.error("Cannot read mime message content: {}", e2.getMessage(), e2);
            assertionResult.setError(true);
            assertionResult.setFailureMessage(e2.getMessage());
        } catch (MessagingException e3) {
            String str2 = "Cannot parse mime msg: " + e3.getMessage();
            log.warn(str2, e3);
            assertionResult.setFailure(true);
            assertionResult.setFailureMessage(str2);
        } catch (SMIMEException e4) {
            assertionResult.setFailure(true);
            assertionResult.setFailureMessage("Cannot extract signed body part from signature: " + e4.getMessage());
        }
        return assertionResult;
    }

    private static AssertionResult verifySignature(SMIMEAssertionTestElement sMIMEAssertionTestElement, SMIMESignedParser sMIMESignedParser, String str) throws CMSException {
        AssertionResult assertionResult = new AssertionResult(str);
        try {
            Store certificates = sMIMESignedParser.getCertificates();
            Iterator it = sMIMESignedParser.getSignerInfos().getSigners().iterator();
            if (it.hasNext()) {
                SignerInformation signerInformation = (SignerInformation) it.next();
                Iterator it2 = certificates.getMatches(signerInformation.getSID()).iterator();
                if (it2.hasNext()) {
                    X509CertificateHolder x509CertificateHolder = (X509CertificateHolder) it2.next();
                    if (sMIMEAssertionTestElement.isVerifySignature()) {
                        verifySignature(signerInformation, assertionResult, x509CertificateHolder);
                    }
                    if (sMIMEAssertionTestElement.isSignerCheckConstraints()) {
                        StringBuilder sb = new StringBuilder();
                        checkSerial(sMIMEAssertionTestElement, assertionResult, x509CertificateHolder, sb);
                        checkEmail(sMIMEAssertionTestElement, assertionResult, x509CertificateHolder, sb);
                        checkSubject(sMIMEAssertionTestElement, assertionResult, x509CertificateHolder, sb);
                        checkIssuer(sMIMEAssertionTestElement, assertionResult, x509CertificateHolder, sb);
                        if (sb.length() > 0) {
                            assertionResult.setFailureMessage(sb.toString());
                        }
                    }
                    if (sMIMEAssertionTestElement.isSignerCheckByFile()) {
                        checkSignerByFile(sMIMEAssertionTestElement, assertionResult, x509CertificateHolder);
                    }
                } else {
                    assertionResult.setFailure(true);
                    assertionResult.setFailureMessage("No signer certificate found in signature");
                }
            }
            if (it.hasNext()) {
                log.warn("SMIME message contains multiple signers! Checking multiple signers is not supported.");
            }
        } catch (GeneralSecurityException e) {
            log.error(e.getMessage(), (Throwable) e);
            assertionResult.setError(true);
            assertionResult.setFailureMessage(e.getMessage());
        }
        return assertionResult;
    }

    private static void verifySignature(SignerInformation signerInformation, AssertionResult assertionResult, X509CertificateHolder x509CertificateHolder) throws CertificateException, CMSException {
        SignerInformationVerifier signerInformationVerifier = null;
        try {
            signerInformationVerifier = new JcaSimpleSignerInfoVerifierBuilder().setProvider("BC").build(x509CertificateHolder);
        } catch (OperatorCreationException e) {
            log.error("Can't create a provider.", e);
        }
        if (signerInformationVerifier == null || !signerInformation.verify(signerInformationVerifier)) {
            assertionResult.setFailure(true);
            assertionResult.setFailureMessage("Signature is invalid");
        }
    }

    /* JADX WARN: Failed to calculate best type for var: r10v0 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Failed to calculate best type for var: r9v1 ??
    java.lang.NullPointerException
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 10, insn: 0x00eb: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r10 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:57:0x00eb */
    /* JADX WARN: Not initialized variable reg: 9, insn: 0x00e6: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r9 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:55:0x00e6 */
    /* JADX WARN: Type inference failed for: r10v0, types: [java.lang.Throwable] */
    /* JADX WARN: Type inference failed for: r9v1, types: [java.io.InputStream] */
    private static void checkSignerByFile(SMIMEAssertionTestElement sMIMEAssertionTestElement, AssertionResult assertionResult, X509CertificateHolder x509CertificateHolder) throws CertificateException {
        CertificateFactory certificateFactory = CertificateFactory.getInstance("X.509");
        try {
            try {
                FileInputStream fileInputStream = new FileInputStream(sMIMEAssertionTestElement.getSignerCertFile());
                Throwable th = null;
                BufferedInputStream bufferedInputStream = new BufferedInputStream(fileInputStream);
                Throwable th2 = null;
                try {
                    try {
                        if (!new JcaX509CertificateHolder((X509Certificate) certificateFactory.generateCertificate(bufferedInputStream)).equals(x509CertificateHolder)) {
                            assertionResult.setFailure(true);
                            assertionResult.setFailureMessage("Signer certificate does not match certificate " + sMIMEAssertionTestElement.getSignerCertFile());
                        }
                        if (bufferedInputStream != null) {
                            if (0 != 0) {
                                try {
                                    bufferedInputStream.close();
                                } catch (Throwable th3) {
                                    th2.addSuppressed(th3);
                                }
                            } else {
                                bufferedInputStream.close();
                            }
                        }
                        if (fileInputStream != null) {
                            if (0 != 0) {
                                try {
                                    fileInputStream.close();
                                } catch (Throwable th4) {
                                    th.addSuppressed(th4);
                                }
                            } else {
                                fileInputStream.close();
                            }
                        }
                    } catch (Throwable th5) {
                        th2 = th5;
                        throw th5;
                    }
                } catch (Throwable th6) {
                    if (bufferedInputStream != null) {
                        if (th2 != null) {
                            try {
                                bufferedInputStream.close();
                            } catch (Throwable th7) {
                                th2.addSuppressed(th7);
                            }
                        } else {
                            bufferedInputStream.close();
                        }
                    }
                    throw th6;
                }
            } finally {
            }
        } catch (IOException e) {
            if (log.isDebugEnabled()) {
                log.debug("Could not read cert file {}", sMIMEAssertionTestElement.getSignerCertFile(), e);
            }
            assertionResult.setFailure(true);
            assertionResult.setFailureMessage("Could not read certificate file " + sMIMEAssertionTestElement.getSignerCertFile());
        }
    }

    private static void checkIssuer(SMIMEAssertionTestElement sMIMEAssertionTestElement, AssertionResult assertionResult, X509CertificateHolder x509CertificateHolder, StringBuilder sb) {
        String issuerDn = sMIMEAssertionTestElement.getIssuerDn();
        if (issuerDn.length() > 0) {
            String signerDn = sMIMEAssertionTestElement.getSignerDn();
            X500Name issuer = x509CertificateHolder.getIssuer();
            log.debug("IssuerDN from cert: {}", issuer);
            X500Name x500Name = new X500Name(issuerDn);
            log.debug("IssuerDN from assertion: {}", x500Name);
            if (x500Name.equals(issuer)) {
                return;
            }
            assertionResult.setFailure(true);
            sb.append("Issuer distinguished name of signer certificate does not match \"").append(signerDn).append("\"\n");
        }
    }

    private static void checkSubject(SMIMEAssertionTestElement sMIMEAssertionTestElement, AssertionResult assertionResult, X509CertificateHolder x509CertificateHolder, StringBuilder sb) {
        String signerDn = sMIMEAssertionTestElement.getSignerDn();
        if (signerDn.length() > 0) {
            X500Name subject = x509CertificateHolder.getSubject();
            log.debug("DN from cert: {}", subject);
            X500Name x500Name = new X500Name(signerDn);
            log.debug("DN from assertion: {}", x500Name);
            if (x500Name.equals(subject)) {
                return;
            }
            assertionResult.setFailure(true);
            sb.append("Distinguished name of signer certificate does not match \"").append(signerDn).append("\"\n");
        }
    }

    private static void checkEmail(SMIMEAssertionTestElement sMIMEAssertionTestElement, AssertionResult assertionResult, X509CertificateHolder x509CertificateHolder, StringBuilder sb) {
        String signerEmail = sMIMEAssertionTestElement.getSignerEmail();
        if (JOrphanUtils.isBlank(signerEmail) || getEmailFromCert(x509CertificateHolder).contains(signerEmail)) {
            return;
        }
        assertionResult.setFailure(true);
        sb.append("Email address \"").append(signerEmail).append("\" not present in signer certificate\n");
    }

    private static void checkSerial(SMIMEAssertionTestElement sMIMEAssertionTestElement, AssertionResult assertionResult, X509CertificateHolder x509CertificateHolder, StringBuilder sb) {
        String signerSerial = sMIMEAssertionTestElement.getSignerSerial();
        if (JOrphanUtils.isBlank(signerSerial)) {
            return;
        }
        BigInteger readSerialNumber = readSerialNumber(signerSerial);
        if (readSerialNumber.equals(x509CertificateHolder.getSerialNumber())) {
            return;
        }
        assertionResult.setFailure(true);
        sb.append("Serial number ").append(readSerialNumber).append(" does not match serial from signer certificate: ").append(x509CertificateHolder.getSerialNumber()).append("\n");
    }

    private static MimeMessage getMessageFromResponse(SampleResult sampleResult, int i) throws MessagingException {
        SampleResult[] subResults = sampleResult.getSubResults();
        if (i >= subResults.length || i < 0) {
            throw new MessagingException("Message number not present in results: " + i);
        }
        SampleResult sampleResult2 = subResults[i];
        if (log.isDebugEnabled()) {
            log.debug("Bytes: {}, Content Type: {}", Long.valueOf(sampleResult2.getBytesAsLong()), sampleResult2.getContentType());
        }
        MimeMessage mimeMessage = new MimeMessage(Session.getDefaultInstance(new Properties()), new ByteArrayInputStream(sampleResult2.getResponseData()));
        if (log.isDebugEnabled()) {
            log.debug("msg.getSize() = {}", Integer.valueOf(mimeMessage.getSize()));
        }
        return mimeMessage;
    }

    private static BigInteger readSerialNumber(String str) {
        return (str.startsWith("0x") || str.startsWith("0X")) ? new BigInteger(str.substring(2), 16) : new BigInteger(str);
    }

    private static List<String> getEmailFromCert(X509CertificateHolder x509CertificateHolder) {
        ArrayList arrayList = new ArrayList();
        for (RDN rdn : x509CertificateHolder.getSubject().getRDNs(BCStyle.EmailAddress)) {
            for (AttributeTypeAndValue attributeTypeAndValue : rdn.getTypesAndValues()) {
                if (log.isDebugEnabled()) {
                    log.debug("Add email from RDN: {}", IETFUtils.valueToString(attributeTypeAndValue.getValue()));
                }
                arrayList.add(IETFUtils.valueToString(attributeTypeAndValue.getValue()));
            }
        }
        Extension extension = x509CertificateHolder.getExtension(Extension.subjectAlternativeName);
        if (extension != null) {
            for (GeneralName generalName : GeneralNames.getInstance(extension.getParsedValue()).getNames()) {
                if (generalName.getTagNo() == 1) {
                    String valueToString = IETFUtils.valueToString(generalName.getName());
                    log.debug("Add email from subjectAlternativeName: {}", valueToString);
                    arrayList.add(valueToString);
                }
            }
        }
        return arrayList;
    }

    private static void checkForBouncycastle() {
        if (null == Security.getProvider("BC")) {
            Security.addProvider(new BouncyCastleProvider());
        }
    }
}
